1. Who We Are
FlashRole ("we", "us", "our") is operated by Asher Corporation Limited, based in England and Wales. We provide a welcoming career workspace at https://flashrole.com.
For all data-related enquiries, contact our privacy team at: privacy@flashrole.com
2. What Data We Collect
We collect only the minimum data necessary to deliver and improve our services:
| Category | What We Collect | Legal Basis |
|---|---|---|
| Account Data | Name, email address, profile picture (via Clerk authentication) | Contract performance |
| CV & Career Data | CV text, job descriptions, interview responses you submit | Contract performance — to generate coaching insights and drafts |
| Usage Data | Pages visited, feature usage, session duration, browser/device type | Legitimate interest — product improvement and security |
| Payment Data | Billing name, last 4 card digits, payment history (via Stripe — we never see full card numbers) | Contract performance / Legal obligation |
| Communications | Support messages you send to us | Legitimate interest — customer support |
| Technical Data | IP address, cookies, log files | Legitimate interest — security and fraud prevention |
We do not collect: passport numbers, National Insurance numbers, biometric data, or any special categories of personal data under GDPR Article 9.
3. How We Use Your Data
- To create and manage your FlashRole account
- To process your CV, job descriptions, and interview responses through automated analysis to produce reports, rewrites, cover letters, and feedback
- To process subscription and credit payments via Stripe
- To send transactional emails (account confirmation, payment receipts)
- To detect fraud, abuse, and security threats
- To improve analysis quality and product features using aggregated, anonymised data
- To comply with legal obligations
We do not use your data for advertising or sell it to third parties.
4. Third-Party Sub-Processors
We share data with the following trusted sub-processors solely to deliver our services:
| Sub-processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Clerk | Authentication and session management | United States | SCCs / adequacy decision |
| OpenAI | Automated analysis and drafting (your CV text may be sent via OpenAI's API) | United States | SCCs — OpenAI DPA |
| Stripe | Payment processing and billing | United States | SCCs / adequacy decision |
| Railway | Backend hosting and database infrastructure | United States | SCCs |
| Vercel | Frontend hosting and CDN | United States | SCCs |
| Google Fonts | Font delivery (no personal data sent) | United States | N/A |
SCCs = Standard Contractual Clauses approved by the European Commission.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account & profile data | Until you delete your account + 30 days |
| CV & career data | Until you delete your account + 30 days |
| Payment records | 7 years (legal/tax obligation) |
| Server logs | 90 days |
| Support communications | 3 years after last contact |
6. Your Rights Under GDPR
If you are resident in the UK, EU, or EEA, you have the following rights:
- Right of access — request a copy of all personal data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your data ("right to be forgotten")
- Right to data portability — request your data in a machine-readable format
- Right to restrict processing — ask us to pause processing your data
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — for any processing based on consent
To exercise any of these rights, email privacy@flashrole.com. We will respond within 30 days. You also have the right to lodge a complaint with the ICO (UK) at ico.org.uk.
7. Cookies
We use the following types of cookies:
- Essential cookies — required for authentication and session management (Clerk). Cannot be disabled.
- Functional cookies — store your preferences (theme, language). Can be cleared in browser settings.
- Payment cookies — set by Stripe during checkout. Required for fraud prevention.
We do not use advertising or tracking cookies. See our full Cookie Policy.
8. Children's Privacy
FlashRole is not directed at children under 16. We do not knowingly collect data from users under 16. If you believe we have inadvertently collected data from a child, contact us immediately at privacy@flashrole.com.
9. International Data Transfers
FlashRole operates globally. Your data may be transferred to and processed in countries outside your own (including the United States) by our sub-processors. All such transfers are protected by Standard Contractual Clauses (SCCs) or other legally approved safeguards.
10. Security
We implement industry-standard security measures including:
- TLS/HTTPS encryption for all data in transit
- Encrypted database storage at rest (AES-256)
- Access controls — only authorised personnel can access production data
- No storage of full payment card numbers (handled entirely by Stripe)
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or an in-app notice. The effective date at the top of this page will be updated. Continued use of FlashRole after changes constitutes acceptance of the updated policy.
12. Contact Us
For any privacy enquiries or to exercise your rights: